Content deleted Content added
m →top |
|||
Line 16:
| cryptanalysis = Attacks have been published that are computationally faster than a full [[brute-force attack]], though none as of 2023 are computationally feasible.<ref name="aesbc">{{cite web |url=http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-url=https://web.archive.org/web/20160306104007/http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-date=March 6, 2016 |title=Biclique Cryptanalysis of the Full AES |access-date=May 1, 2019 |url-status=dead |df=mdy-all}}</ref>
For AES-128, the key can be recovered with a [[computational complexity]] of 2<sup>126.1</sup> using the [[biclique attack]]. For biclique attacks on AES-192 and AES-256, the computational complexities of 2<sup>189.7</sup> and 2<sup>254.4</sup> respectively apply. [[Related-key attack]]s can break AES-256 and AES-192 with complexities 2<sup>99.5</sup> and 2<sup>176</sup> in both time and data, respectively.<ref name = relkey>Alex Biryukov and Dmitry Khovratovich, ''Related-key Cryptanalysis of the Full AES-192 and AES-256'', {{cite web |url=https://eprint.iacr.org/2009/317 |title=Related-key Cryptanalysis of the Full AES-192 and AES-256 |access-date=2010-02-16 |url-status=live |archive-url=https://web.archive.org/web/20090928014006/http://eprint.iacr.org/2009/317 |archive-date=2009-09-28 |at=Table 1}}</ref>
Another attack was blogged<ref name="Bruce Schneier">{{cite web |url=http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |title=Another New AES Attack |author=Bruce Schneier |date=2009-07-30 |work=Schneier on Security, A blog covering security and security technology |access-date=2010-03-11 |url-status=live |archive-url=https://web.archive.org/web/20091005183132/http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |archive-date=2009-10-05}}</ref> and released as a [[preprint]]<ref>{{cite web |url=https://eprint.iacr.org/2009/374 |title=Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds |author=Alex Biryukov |author2=Orr Dunkelman |author3=Nathan Keller |author4=Dmitry Khovratovich |author5=Adi Shamir |date=2009-08-19 |access-date=2010-03-11 |archive-url=https://web.archive.org/web/20100128050656/http://eprint.iacr.org/2009/374 |archive-date=28 January 2010 |url-status=live}}</ref> in 2009. This attack is against AES-256 that uses only two related keys and 2<sup>39</sup> time to recover the complete 256-bit key of a 9-round version, or 2<sup>45</sup> time for a 10-round version with a stronger type of related subkey attack, or 2<sup>70</sup> time for an 11-round version.
Line 24:
The '''Advanced Encryption Standard''' ('''AES'''), also known by its original name '''Rijndael''' ({{IPA|nl|ˈrɛindaːl}}),<ref name="Rijndael-ammended.pdf" /> is a specification for the [[encryption]] of electronic data established by the U.S. [[National Institute of Standards and Technology]] (NIST) in 2001.<ref name="fips-197">{{cite web |url=https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |title=Announcing the ADVANCED ENCRYPTION STANDARD (AES) |publisher=United States National Institute of Standards and Technology (NIST) |work=Federal Information Processing Standards Publication 197 |date=November 26, 2001 |access-date=August 26, 2024 |url-status=live |archive-url=https://web.archive.org/web/20240823165748/https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |archive-date=August 23, 2024}}</ref>
AES is a variant of the Rijndael [[block cipher]]<ref name="Rijndael-ammended.pdf">{{cite web |url=http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |title=AES Proposal: Rijndael |last1=Daemen |first1=Joan |last2=Rijmen |first2=Vincent |date=March 9, 2003 |publisher=National Institute of Standards and Technology |page=1 |access-date=21 February 2013 |url-status=live |archive-url=https://web.archive.org/web/20130305143117/http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |archive-date=5 March 2013}}</ref> developed by two [[Belgium|Belgian]] cryptographers, [[Joan Daemen]] and [[Vincent Rijmen]], who submitted a proposal<ref name="Rijndaelv2">{{cite web |url=http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |url-status=dead |archive-url=https://web.archive.org/web/20070203204845/https://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |archive-date=February 3, 2007 |title=AES Proposal: Rijndael |author=Joan Daemen and Vincent Rijmen |date=September 3, 1999}}</ref> to NIST during the [[Advanced Encryption Standard process|AES selection process]].<ref>{{Cite news |title=U.S. Selects a New Encryption Technique |author=John Schwartz |newspaper=New York Times |date=October 3, 2000 |url=https://www.nytimes.com/2000/10/03/business/technology-us-selects-a-new-encryption-technique.html |url-status=live |archive-url=https://web.archive.org/web/20170328215407/http://www.nytimes.com/2000/10/03/business/technology-us-selects-a-new-encryption-technique.html |archive-date=March 28, 2017}}</ref> Rijndael is a family of ciphers with different [[key size|key]] and [[Block size (cryptography)|block
AES has been adopted by the [[Federal government of the United States|U.S. government]]. It supersedes the [[Data Encryption Standard]] (DES),<ref>{{cite news |url=http://www.findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |title=NIST reports measurable success of Advanced Encryption Standard |work=Journal of Research of the National Institute of Standards and Technology |first=Harold B. |last=Westlund |date=2002 |url-status=dead |archive-url=https://web.archive.org/web/20071103105501/http://findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |archive-date=2007-11-03}}</ref> which was published in 1977. The algorithm described by AES is a [[symmetric-key algorithm]], meaning the same key is used for both encrypting and decrypting the data.
| |||